For a project I am working on I needed to iterate over all .xml files in a specific directory. I started out with a DirectoryIterator, then considered I didn't want the XML filtering to take place inside my foreach loop. I decided to add a FilterIterator to the setup, but then felt this was not the right solution either. So I turned to my favorite SPL guru, Joshua Thijssen, to see if I was overseeing some kind of filter-option in the DirectoryIterator. I didn't, but I did oversee something else: GlobIterator.

The GlobIterator lets you use functionality similar to the glob function (including being able to use wildcards in file searching) and get the resulting list back as a set of SplFileInfo objects, complete with additional metadata that can be extracted.

On PHPCodeBase.com there's a recent post looking at a handy file system function that you can use to search directories simpler than a usual opendir/readdir method - glob.

Are you guys still using opendir() function to read the the files from the folder in PHP? Luckily PHP have the glob() function which perform this task very faster and smarter.

He compares an example of the opendir/readdir method to a few line replacement with glob, both searching the same directory for files. He looks at the arguments you can pass into glob - the path to search and a flag that adds special handling to the method (like turning off sorting, modifying the regular expression handling and stopping on errors).

The glob function, the subject of a recent post on NETTUTS.com, is the topic of this new post from Bill Karwin on the php|architect website. He focuses on the efficiency of the function over the convenience it offers.

The glob() function is convenient but the solution using the fewest lines of code isn’t always the most efficient - if by efficient you mean fastest. [...] My benchmark results ranged from 12.4 seconds down to 1.2 seconds. That’s a pretty wide spread, so it’s worth paying attention to performance as well as coding convenience.

He shows the different methods he used to get those results, one that returned an array and filtered directories, another that didn't filter and a third using the GLOB_NOSORT argument. He also compares it with scandir and the opendir/readdir combo.

Sometimes when you're looking through the filesystem in your PHP application, you just need a quick and easy way to grab a file listing from a directly and move on. Sure, you can use the usual opendir and readdir combo to loop through the files, but there's another function that might suit your needs better - glob. In this quick tutorial from NETTUTS.com today they show you how it works.

Are you still using opendir() to loop through folders in PHP? Doesn’t that require a lot of repetitive code everytime you want to search a folder? Luckily, PHP’s glob() is a much smarter solution.

They include code examples showing how the usual opendir/readdir code can be translated over to an example using glob and mention the two arguments you can use - a pattern-matching search string and a modifier to change settings on the search and on the results returned.

Jordi Boggianohad the "pleasure" of discovering a small quirk with PHP's glob function in an application he was working on - watch out for directories that contain square braces, they won't return in the results!

Working on some personal project that lists a bunch of stuff on my hard drive, I found out that directories that contain square brackets (those []) don't return any results for the simple reason that glob reads [stuff] as a character class, just like in regular expressions. When you know it it makes perfect sense, but when you don't, the documentation is really not so helpful. Of course it mentions libc's glob() and unix shells, but not everyone knows what that implies at first glance.

He tried a few things to get around the bug (including escaping the brackets in the directories) but ended up writing a function (glob_quote) to handle the escaping of all of the meta-characters glob might need to escape to return all of the files and folders correctly.

The vulnerability is caused due to an error in the handling of an uninitialized structure inside the "glob()" function. This can be exploited to execute arbitrary code, which may lead to security restrictions (e.g. the "disable_functions" directive) being bypassed.

The vulnerability is confirmed in the 5.2.3 win32 installer. Other versions may also be affected.

The issue is marked as "less critical" and can be avoided easily by only allowing trusted users the correct permissions to execute PHP code on the server.

The vulnerability is caused due to an error in the handling of an uninitialized structure inside the "glob()" function. This can be exploited to execute arbitrary code, which may lead to security restrictions (e.g. the "disable_functions" directive) being bypassed.

The vulnerability is confirmed in the 5.2.3 win32 installer. Other versions may also be affected.

The issue is marked as "less critical" and can be avoided easily by only allowing trusted users the correct permissions to execute PHP code on the server.